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DETAILED ACTION 

CLAIMS PRESENTED 
Claims 1-30 are presented. 

CLAIM REJ2CTIONS 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1 . The term "substantial" in claims 1 9, 26, and 30 is a relative term which renders the claim 
indefinite. The term "substantial" is not defined by the claim, the specification does not provide a 
standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably 
apprised of the scope of the invention. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-18, 20-25, and 27-30 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Lettvin, US Patent No. 5826012, and further in view of Ho et al., 

US Patent No. 7188369. 



Application/Control Number: 1 0/81 1 ,71 9 Page 3 

Art Unit: 2136 

As per claim 1, 12, 20: 

Lettvin teaches: 

A method, comprising: 

initializing a virus scanner during a pre-boot phase of a computer system; 
[see col. 4, lines 62-67] 

scrubbing data read from an input/output (I/O) device of the computer system by the virus scanner [using 
a virus signature database] before the data is loaded; and 

[see col. 8, lines 24-32] 
enacting a platform policy if a virus is detected in the data. 

[see col. 8, lines 33-51] 

Lettvin is not explicit in teaching that the virus scanner uses a virus signature database. Ho teaches a 
virus signature database (see figure 2, element 201). It would have been obvious to one of ordinary skill 
in the art to modify the invention taught by Lettvin to include a virus signature database. One would be 
motivated to do this in order to allow to system to use a plurality of virus signatures that can be 
continuously updated and/or replaced (col. 1, lines 29-40). 

As per claim 2, Lettvin teaches: 

The method of claim 1, further comprising scrubbing contents of a memory device of the computer system 
during the pre-boot phase by the virus scanner. 
[see col. 8, lines 24-32] 

As per claim 3, 13, Ho teaches: 

The method of claim 1 , further comprising updating the virus signature database with updated virus 
signatures. 

[see col. 1, lines 50-64] 
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One would be motivated to combine what is taught above by Ho with the Lettvin reference discussed 
above in order to detect newly occurring viruses which may not be present in outdated virus signatures. 

As per claim 4, Ho teaches: 

The method of claim 3 wherein the virus signature database is updated during the pre-boot phase! 
[see col. 1, lines 50-64] 

One would be motivated to combine what is taught above by Ho with the Lettvin reference discussed 
above in order to detect newly occurring viruses ASAP. 

As per claim 5, 14, Lettvin teaches: 

The method of claim 1 wherein the virus signature database is not exposed to an operating system 
executing on the computer system. 
[see col. 3, lines 53-67] 

As per claim 6, 22, Lettvin teaches: 

The method of claim 5 wherein the virus signature database is stored in a firmware-reserved area. 

[see col. 3, lines 53-67] 
As per claim 7, 17, Ho teaches: 

The method of claim 1 wherein the virus scanner is executing in a virtual machine monitor (VMM) 
executing on the computer system, the VMM supporting at least one virtual machine (VM) executing on 
the computer system. 

[see col. 5, lines 25-67] 

As per claim 8, 18, Ho teaches: 
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The method of claim 7 wherein scrubbing data read from the I/O device includes: receiving a request from 
a requester to read data from the I/O device, the requester in a VM of the at least one VM; loading at 
least a portion of the requested data into a buffer; scrubbing the at least a portion of the requested data 
with the virus scanner; returning an error signal to the requester if the virus scanner detects a virus in the 
at least a portion of the requested data; and forwarding the requested data to the requester if the virus 
scanner does not detect a virus in the at least a portion of the requested data. 
[see figures 4 and 5] 

As per claim 9, 15, 24, 28, Ho teaches: 

The method of claim 1 wherein the virus scanner is operable during the pre-boot phase, an operating 
system (OS) runtime phase, and an after-life phase of the computer system independent of an operating 
system of the computer system. 

[see col. 4, lines 63-37 and col. 4, lines 1-2] 
One would be motivated to combine the above teachings of Ho with the Lettvin reference discussed 
above in order to detect viruses during all phases of OS usage. 

As per claim 10, 16, 25, 29, Lettvin teaches: 

The method of claim 1 wherein the virus scanner scrubs the data without having knowledge of a file 
system of the data. 

[see col. 4, lines 62-67] 

As per claim 11, Lettvin teaches: 

The method of claim 1, further comprising enacting the platform policy if the virus scanner detects non- 
normal behavior within the computer system. 
[see col. 8, lines 24-32] 
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As per claim 21, Lettvin teaches: 

The computer system of claim 20, further comprising a network interface operatively coupled to the 
processor, the virus scanner to scrub data read from the network interface using the virus signature 
database before the data is loaded in the memory device. 
[see col. 3, lines 29-52] 

As per claim 23, Ho teaches: 

The system of claim 20 wherein execution of the firmware instructions further perform operations 
comprising updating the virus signature database with updated virus signatures downloaded from an 
external virus signature repository communicatively coupled to the computer system. 
[see col. 5, lines 1-24] 

Downloading the virus signatures from an external repository provides added security and less chance 
that the data can be tampered with. 

As per claim 27: 

A computer system, comprising: 

a virtual machine monitor (VMM) to support at least one virtual machine (VM); 

[see Ho reference, col. 5, lines 25-67] 
an input/output (I/O) device, the VMM to emulate an I/O controller for the I/O device; 

[see Ho reference, col. 1, lines 50-64] 
a virus scanner within the VMM to scrub data read from the I/O device before the data is loaded; and 

[see Lettvin reference, col. 8, lines 24-32] 
a virus signature database to facilitate identification of a virus by the virus scanner. 

[see Ho reference, figure 2, element 201] 
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Claims 19, 26, and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Lettvin and Ho as applied to claim 1 above, and further in view of Huntington 
et al., US Patent No. 6907524. 
As per claim 19, 26, 30: 

The Lettvin and Ho references have been discussed above. Lettvin and Ho are not explicit in teaching: 
"The article of manufacture of claim 12 wherein the plurality of instructions to operate 
substantially in compliance an Extensible Firmware Interface (EFI) specification." 
Huntington teaches a firmware substantially in compliance with the Extensible Firmware Interface (EFI) 
specification (col. 1 , lines 51-55). It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the methods disclosed by Lettvin and Ho to include what is taught by 
Huntington. One would be motivated to do so in order to provide protection from viruses on computer 
systems that use an Extensible Firmware Interface (col. 1, lines 6-10). 

CONCLUSION 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 
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*. Any inquiry concerning this communication or earlier communications from the examiner should 

be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 

be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 

this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-directuspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Daniel L. Hoang 
9/25/07 




